NEAS[.]d0a1d50b82e124e7d89b8ce53716af20[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.d0a1d50b82e124e7d89b8ce53716af20.exe
Size

1.6MB
MD5

d0a1d50b82e124e7d89b8ce53716af20
SHA1

53055a716837471c788f4e34c1f2ff320069e7e9
SHA256

7438ef7973bf47ed228b50ee22d031d9569819d8d5f612f40ea9e30d9d751bcd
SHA512

899d9d530a180db7a156449e50b52153f6857be02733f38414e73f897ea764026ef3518a08e5ba272323fd5c7c96654afe274949c72d1ffc3e78a5e216bf57f9
SSDEEP

49152:VEHovqz5T1GxpS12TCF+p4B9gFv5mm1ZpqrmuJ/SR:mHoveTsPuMGjWR7ormE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d0a1d50b82e124e7d89b8ce53716af20.exe

Files

NEAS.d0a1d50b82e124e7d89b8ce53716af20.exe
.dll windows:4 windows x86

0a579e541222a32fd9463be03dcb446f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryW
GetFileAttributesW
GetVersion
FreeLibrary
SetLastError
GetModuleFileNameW
OutputDebugStringA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
IsBadStringPtrW
GetSystemDefaultLCID
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileStringW
GetSystemDirectoryW
GlobalUnlock
GlobalLock
lstrcmpA
GlobalFree
FindClose
DeleteFileW
FindFirstFileW
GlobalAlloc
GetWindowsDirectoryW
GetACP
GetCurrentProcessId
GetSystemDefaultLangID
lstrcmpiA
GetFullPathNameA
SystemTimeToFileTime
GetSystemTime
CompareFileTime
GetFileAttributesA
GetModuleFileNameA
GetSystemTimeAsFileTime
GlobalFlags
GetFullPathNameW
lstrcmpiW
IsBadStringPtrA
SetFileAttributesW
CreateDirectoryW
GetVersionExA
IsBadCodePtr
ExpandEnvironmentStringsW
LocalFree
FormatMessageW
GetUserDefaultLangID
WriteFile
MoveFileW
GetLocalTime
GetFileSizeEx
SetEndOfFile
VirtualFree
CreateEventW
FileTimeToSystemTime
CompareStringW
LoadLibraryExW
VirtualProtect
QueryPerformanceCounter
CreateProcessA
GetTempFileNameA
GetTempPathA
RaiseException
LocalAlloc
CreateMutexA
CreateMutexW
ReleaseMutex
WaitForMultipleObjects
PulseEvent
WaitForSingleObjectEx
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GetDriveTypeW
CreateThread
GetTempPathW
OpenThread
GetFileSize
CreateFileMappingW
lstrcmpW
DebugBreak
Beep
OpenProcess
GetProcessTimes
LockFile
UnlockFile
FlushFileBuffers
GetFileInformationByHandle
ReadFile
GetOverlappedResult
CreateFileW
DuplicateHandle
GetUserDefaultLCID
CompareStringA
lstrlenA
CreateFileMappingA
GetLastError
MapViewOfFile
VirtualQuery
UnmapViewOfFile
VirtualAlloc
GetCurrentThread
GetCurrentProcess
SetErrorMode
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
SetEvent
ResetEvent
CreateEventA
WaitForSingleObject
CloseHandle
GetModuleHandleW
Sleep
SetFilePointer
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

user32

GetWindowTextLengthA
GetWindowTextW
SetWindowTextW
GetFocus
DestroyWindow
SetDlgItemTextA
DialogBoxParamW
CreateDialogParamW
GetDlgItemTextW
EnableWindow
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
ShowWindow
GetWindowLongA
EndDialog
SetWindowLongA
CheckDlgButton
SetDlgItemTextW
GetDlgItemTextA
SetFocus
SendDlgItemMessageA
IsDlgButtonChecked
GetDlgItem
SendMessageA
GetSysColor
GetSystemMetrics
GetWindowRect
OffsetRect
MoveWindow
MessageBoxW
CharUpperBuffA
SetPropA
SetForegroundWindow
GetPropA
PostMessageA
RemovePropA
WinHelpW
LoadStringW
GetLastInputInfo
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
CharUpperA
CharNextW
LoadStringA
IsCharAlphaNumericA
LoadCursorA
SetCursor
GetAsyncKeyState
MessageBoxA
RegisterWindowMessageA

advapi32

ConvertSidToStringSidW
OpenSCManagerA
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
DeregisterEventSource
RegisterEventSourceA
ReportEventW
RegQueryValueExW
GetUserNameA
RegQueryInfoKeyA
RegEnumValueW
RegEnumValueA
RegOpenKeyExW
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetLengthSid

olmapi32

ConvertRTFPTStream@28
ConvertHtmlPTStream@28
ord185
ConvertHtmlToHtmlStream@16
HrVersionCompare@8
ord128
ord165
ord164
ord347
GetDefCachedModeDownloadDelegatePIM@4
GetDefCachedModeDownloadPubFoldFavs@4
GetDefCachedMode@4
HrGetEMSUnicodeMode@12
OlkURE_SetTextW@8
OlkURE_GetTextW@12
ord187
FIsOutlookExe@0
GetThrottleSupplier@4
GetDelegateCheckPrivateItemAccessInterval@4
SyncEventOccurred@4
FSetActiveIMEStatus@8
FInitIME@12
FDeinitIME@4
FIMEMessage@20
NCheckIMEMessage@16
HrConvertString8ToUnicodeEx@32
HrCopyUnicodeEx@28
HrConvertUnicodeToString8Ex@32
ord50
ord54
ord53
ord55
ord52
ord49
ord183
ConvertRTFPT@28
ConvertHtmlPT@28
ConvertHtmlRTF@24
HrRunFnOnThreadEx@24
ord174
HrConvertSPropValuesEx@64
HrConvertStringEx@40
HrCreateShutdownObj@4
HrRunFnOnThreadWait@16
HrDeleteOneProp@8
HrCreateThrottleQueue@16
HrOpenOfflineObj@20
ord73
EnterThrottleSupplier@4
LeaveThrottleSupplier@4
ShowCountedBucketedString@24
ord129
ord15
EtwTraceMessage
MAPIReallocateBuffer@12
UnwrapObjectAll@8
ord190
ord46
CbGSzLen@4
ord130
ord250
ord259
ord75
HrCreateNewWrappedObjectEx@48
ord139
ord76
ord179
ord181
SzGFindCh@8
ord136
ord135
ord189
ord140
ord61
ord138
ord241
ord60
UlGCharType@4
SzGPrev@8
ord77
ord80
ord79
FGAlign@8
ord78
FGLeadByte@4
SzGNext@4
ord13
ord47
ord48
CbPhysicalMemory@0
HrOlkCreateMsoCycleManager@4
REFTRACK_CreateRefTrackRoot@8
ReadRegDWordValueAndPolicy@24
ord17
REFTRACK_AddRefEx@16
EtwTraceErrorTag@8
HrCreateThrottleMutex@16
CreateVirtualStream@4
HrCreateThrottleManager@12
HrConvertMAPIErrorEx@36

msvcr80

_wstrtime_s
_wstrdate_s
fwprintf
_wfopen_s
_waccess
exit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
iswalnum
_encode_pointer
fopen_s
fwprintf_s
fclose
vsprintf_s
wcscpy_s
vswprintf_s
??2@YAPAXI@Z
_strlwr_s
wcsncmp
strncmp
qsort
strchr
_wcsnicmp
_strnicmp
wcsrchr
wcstoul
wcschr
strstr
_wcslwr_s
strrchr
_vsnwprintf
_vsnprintf
towlower
memset
memmove
free
malloc
memcpy
??3@YAXPAX@Z

Exports

Exports

ABProviderInit
DllMain
HrAddFavs
MSProviderInit
NDBGetFileInfo
NSTServiceEntry
OSTServiceEntry
OTONNotifyNewMail
PABServiceEntry
PSTCrashRecovery
PSTServiceEntry
PSTServiceEntry_Unicode
ScGetPABImporter
ShutdownSearchIndexer

Sections

.text
Size: 996KB - Virtual size: 996KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a579e541222a32fd9463be03dcb446f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

olmapi32

msvcr80

Exports

Exports

Sections

.text Size: 996KB - Virtual size: 996KB

.data Size: 21KB - Virtual size: 47KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 596KB - Virtual size: 600KB

.text
Size: 996KB - Virtual size: 996KB

.data
Size: 21KB - Virtual size: 47KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 596KB - Virtual size: 600KB